Seattle Public Library Recovering from Ransomware Attack

The Seattle Public Library (SPL) is continuing to recover from a ransomware attack on Saturday, May 25. At press time, all branches were open, in-person and virtual programs and events were still being hosted, books and other physical materials were available for checkout, and online services provided by third-party vendors including ProQuest, Hoopla, Kanopy, and others were available to patrons. However, access to SPL’s ebooks and e-audiobooks, public computers, in-building Wi-Fi, printing and copying services, pickup lockers, museum pass services, interlibrary loan services, and some other online resources remained unavailable.

Seattle Public Library logoUPDATE: On Thursday, June 13, Seattle Public Library reported that access to ebooks and e-audiobooks had been restored.

The Seattle Public Library (SPL) is continuing to recover from a ransomware attack on Saturday, May 25. At press time, all branches were open, in-person and virtual programs and events were still being hosted, books and other physical materials were available for checkout, and online services provided by third-party vendors including ProQuest, Hoopla, Kanopy, and others were available to patrons. However, access to SPL’s public computers, in-building Wi-Fi, printing and copying services, pickup lockers, museum pass services, interlibrary loan services, and some other online resources remained unavailable.

“The library quickly engaged third-party forensic specialists, contacted law enforcement, and took our systems fully offline to interrupt and better assess the nature and impacts of the event,” according to a statement issued by SPL shortly after the attack. “With our external partners, we continue to investigate the source of this disruption and are working as quickly and diligently as we can to confirm the extent of the impacts and restore full functionality to our systems. Privacy and security of patron and employee information are top priorities.”

Library officials have told news outlets including The Seattle Times that SPL is currently unable to share details about the attack—including any ransom demand—during the ongoing investigation. SPL has been posting regular updates for patrons and other interested parties on its Shelf Talk blog.

Ransomware is a type of malware that encrypts files throughout a targeted network, blocking access to a victim’s data and enabling cybercriminals to demand a ransom for unlocking the files. It is a growing problem, with cybersecurity company SANS Institute estimating that ransomware attacks increased by 73 percent in 2023 compared with 2022. According to SANS, the most targeted industries last year were construction, hospitals and healthcare, IT services, financial services, and law practices, but attackers are often indiscriminate, and public libraries, higher ed institutions, K–12 schools, and local governments have all been targeted in recent years. Notably, the Toronto Public Library, the British Library, and the London Public Library were all attacked in 2023. “Ransomware is becoming so pervasive, and it’s affecting organizations dedicated to community well-being such as hospitals, schools, and libraries, of course,” Toronto City Librarian Vickery Bowles told LJ in early January when the library’s attack was close to being resolved. “I really feel that public sector organizations are becoming targets.”

As LJ previously reported, the U.S. Federal Bureau of Investigation recommends the following best practices to mitigate ransomware risks.

  • Regularly back up your organization’s data, system images, and configurations; test the backups; and make sure the backups are not connected to the network.
  • Have staff use multifactor authentication to log into their work email and other work accounts.
  • Update and patch your systems whenever updates are issued.
  • Keep all security solutions up to date.
  • Create an incident response plan and test it.

The most common attack vectors used by cybercriminals to deploy ransomware include phishing attacks that trick a legitimate user into opening a tainted file attachment using a computer on the targeted network; remote desktop protocol abuse, in which a cybercriminal obtains legitimate login credentials and uses those credentials to take control of a computer on the targeted network remotely; and unpatched software vulnerabilities, in which a cybercriminal uses known exploits to attack a network running software or systems that have not been updated recently. The British Library recently published “Learning Lessons from the Cyber-Attack: British Library cyber incident review,” available as a free PDF download.

Author Image
Matt Enis

menis@mediasourceinc.com

@MatthewEnis

Matt Enis (matthewenis.com) is Senior Editor, Technology for Library Journal.

Comment Policy:
  • Be respectful, and do not attack the author, people mentioned in the article, or other commenters. Take on the idea, not the messenger.
  • Don't use obscene, profane, or vulgar language.
  • Stay on point. Comments that stray from the topic at hand may be deleted.
  • Comments may be republished in print, online, or other forms of media.
  • If you see something objectionable, please let us know. Once a comment has been flagged, a staff member will investigate.


RELATED 

ALREADY A SUBSCRIBER?

We are currently offering this content for free. Sign up now to activate your personal profile, where you can save articles for future viewing

ALREADY A SUBSCRIBER?